import re
from models import User

def validate_register_data(data):
    """验证注册数据"""
    errors = {}
    
    # 验证用户名
    username = data.get('username')
    if not username:
        errors['username'] = 'Username is required'
    elif len(username) < 3 or len(username) > 30:
        errors['username'] = 'Username must be between 3 and 30 characters'
    elif not re.match(r'^[a-zA-Z0-9_]+$', username):
        errors['username'] = 'Username can only contain letters, numbers, and underscores'
    elif User.query.filter_by(username=username).first():
        errors['username'] = 'Username already exists'
    
    # 验证密码
    password = data.get('password')
    if not password:
        errors['password'] = 'Password is required'
    elif len(password) < 8:
        errors['password'] = 'Password must be at least 8 characters'
    elif not re.search(r'[A-Z]', password):
        errors['password'] = 'Password must contain at least one uppercase letter'
    elif not re.search(r'[0-9]', password):
        errors['password'] = 'Password must contain at least one number'
    elif not re.search(r'[!@#$%^&*(),.?":{}|<>]', password):
        errors['password'] = 'Password must contain at least one special character'
    
    # 验证确认密码
    confirm_password = data.get('confirm_password')
    if password and confirm_password and password != confirm_password:
        errors['confirm_password'] = 'Passwords do not match'
    
    return errors

def validate_login_data(data):
    """验证登录数据"""
    errors = {}
    
    if not data.get('username'):
        errors['username'] = 'Username is required'
    
    if not data.get('password'):
        errors['password'] = 'Password is required'
    
    return errors

def validate_message_data(data):
    """验证消息数据"""
    errors = {}
    
    if not data.get('receiver_id'):
        errors['receiver_id'] = 'Receiver ID is required'
    
    if not data.get('encrypted_content'):
        errors['encrypted_content'] = 'Encrypted content is required'
    
    if not data.get('message_key'):
        errors['message_key'] = 'Message key is required'
    
    if not data.get('nonce'):
        errors['nonce'] = 'Nonce is required'
    
    if not data.get('tag'):
        errors['tag'] = 'Tag is required'
    
    return errors

def validate_user_update_data(data):
    """验证用户更新数据"""
    errors = {}
    
    if 'username' in data:
        username = data['username']
        if len(username) < 3 or len(username) > 30:
            errors['username'] = 'Username must be between 3 and 30 characters'
        elif not re.match(r'^[a-zA-Z0-9_]+$', username):
            errors['username'] = 'Username can only contain letters, numbers, and underscores'
    
    if 'password' in data:
        password = data['password']
        if len(password) < 8:
            errors['password'] = 'Password must be at least 8 characters'
        elif not re.search(r'[A-Z]', password):
            errors['password'] = 'Password must contain at least one uppercase letter'
        elif not re.search(r'[0-9]', password):
            errors['password'] = 'Password must contain at least one number'
        elif not re.search(r'[!@#$%^&*(),.?":{}|<>]', password):
            errors['password'] = 'Password must contain at least one special character'
    
    return errors

def validate_law_enforcement_request(data):
    """验证执法部门请求"""
    errors = {}
    
    if not data.get('message_id'):
        errors['message_id'] = 'Message ID is required'
    
    if not data.get('authorization_token'):
        errors['authorization_token'] = 'Authorization token is required'
    
    if not data.get('reason'):
        errors['reason'] = 'Reason for decryption is required'
    
    return errors